[cryptography] DKIM: Who cares?

John Levine johnl at iecc.com
Thu Oct 25 09:37:26 EDT 2012

>Note the weasel-words "long-lived." I think that the people caught out
>in this were risking things -- but let's also note that the length of
>exposure is the TTL of the DNS entries.

Seems to me that if it's possible to reverse engineer the signing key
in three days, you'd need to change the key more often than that.  

I've asked around, and found that it's rare for people to rotate their
DKIM keys more often than quarterly.  So even if a key takes two months
to crack, there could still be a fairly wide window to use the cracked
key before it's rotated.  I rotate every month, but appear to be the
only mail system in the world that rotates that often.

This kind of key problem isn't specific to DKIM, of course.  DKIM key
rotation is very easy, and you can use at least a 1536 bit key before
you run into DNS packet size issues, so it's not hard to do right.


More information about the cryptography mailing list